0

我知道很难用简单的词来表达它。但这真的让我很困惑。我将在 PHP 中为 Authentification 类编写代码。

以下是技术要点: 1. saml2p:AuthnRequest XML(在 php 中,我们必须将它们转换为对象,但如何?) 2. simplexml 数组到对象和对象到数组。3. JAX-WS 中的 WSSE 标头 4. AuthnRequestType

还有我的代码和问题:这应该是 authnrequest XML,但我不知道如何将它作为 SoapClient 中的参数放入方法中。

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest AssertionConsumerServiceURL="http://http://localhost/SAML/objectoarray.php"
    ID="551e5cd8-7f50-4dcd-bc85-eb625bb12da7" IssueInstant="2013-01-14T06:17:05.138Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Version="2.0"
    xmlns:ns4="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <saml2:Issuer>applpf.pioneer.jp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#551e5cd8-7f50-4dcd-bc85-eb625bb12da7">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>4RzD9oGu0D+pWD1ZZfrb83WsWL8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dxZE/60oe3+rlIbVUcCa1isgfOGM0pi5XRaKPsvFtyJ3RAw9AoLzN0nYngTD9Dj/TbWdu1wCW+gekrBUtbhKkBU7xBuBWtQvLxHCB7mHxiOZZqMSYR4kjzzmHEWqSbsG3oYoWhDBXyfHWnlztk8onI9sysiBMboJe7yybmne0PilZkLmkpZcTUefUKyrCQF1l49BIF5J5R+QC7Uh6dHCNXx1zFesVKBqmaWumlKCXssycEUFfNqoTD9rtlMnQ5U6aQEEfYpRClMS8SYdsY+K9daM0lEEncjfZrpUaZR5jQJo+M1CHSmfrv7qU36Hqi+vNWBK8YIH1raMkg17ZMYBhA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDPDCCAiSgAwIBAgIEUO+oMjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xFDASBgNVBAoTC3BpbmVhcy10ZXN0MQ8wDQYDVQQLEwZwaW5lYXMxGjAYBgNVBAMTEXBpbmVhcy5waW9uZWVyLmpwMB4XDTEzMDExMTA1NTA0MloXDTMzMDEwNjA1NTA0MlowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRQwEgYDVQQKEwtwaW5lYXMtdGVzdDEPMA0GA1UECxMGcGluZWFzMRowGAYDVQQDExFwaW5lYXMucGlvbmVlci5qcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUzsdfIqPe81UYNgyeBsnSvZcNGoTsn/SEnvo09IXjaQxOHUhPY/RQmsAK6ZnjlVNi1zO+0W71KF4Kl1sLJC3Yhv92aoL09cJfWlx/AYz5wpAm7B/om2CYADxoAsaT5+Wlif+aO2CAgwVCLIZzMhIF1B6YX+c3+WnWZceHvzy8F04mCeFFsT9sf6VQ3ZGiZXK8U9CnfdOFYMb/GCgUyqut/jpgCXvyzwZ4aGPBIOuCDuMDhfw6tvTjf0W2lAgmWmcjPs0kmDtV9SHOAPOYBCPrDDjFJsQwLiCwJiHYFMCKnIRNfXzGs9xttFkt4/WOgMMSo2suttvu2JZ7GhoFZJrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAPMsJkuDhxeZwwd7XEbLi+2847JVzpvR1R90azkdvq9bJrs/b4IZMEJo+Qbswb+KajV/1W40kf+wjOEwvpDmyILD9Ds0zuVEipzGv+wAsQd6WMl5GcDTNs/PQqn8hEf/+l0llJeZ5DHbzUSZRd91Y2AAM2q2gcRo/PJkMB110Arl1POaCWCEKqyLfIA2g9ZaxXqUYEWk1rs4NeR/T+7hPm2HZzPRm4zbcfETIcoFqoymlx++TgFACy5ZoSAuMfEE6X9G6sySAvVyStqHD1sZiD8AoRKMCVll7u2zNQYjuIHCtIfqDDP3WlhAEJ7Bm1YmK2PEOKADn3msG3dt2pf92zQ==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

我只是将它们保存为纯 xml 并将它们转换为数组。

喜欢 :

$xml = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest AssertionConsumerServiceURL="http://applpf.pioneer.co.jp/" ID="0011e577-5e4a-46b5-9703-888294c0bd66" IssueInstant="2013-01-14T06:19:51.626Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Version="2.0" xmlns:ns4="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><saml2:Issuer>applpf.pioneer.jp</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#0011e577-5e4a-46b5-9703-888294c0bd66"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>PWG+OxqzVzA0piHjtvsjh/MlChA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>gcoF7BZAJ0W85PK9tbSvJT0aTATQTysFmi+FxyLfZvhA7nHtmYqqXfy9r2r73Jai1qCruPUGmOx3IpjP9wjBPnCCCx/gHW8UjPdAJlLhNBK17svKEmx4uMranN5M/MLrFnqkQduuzmMXl/xio3+iJs4Tldo/5wL4L99Go58l+BMGurEdgmh744E7v+yvniS1thPjc2E07Dlb0o5rdlqkEYYPL2CR0r8er3IXdT2+939iaoD8h+B3v9zu6M6qNcOTfVz9HmV54/sIB15u9cl7efDIsHj4/uAlnqZTg66EgrD44Cj0J2b7z8mo1Qdd+8b59vRA6DtRXw3DnIE3hKeMRw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDPDCCAiSgAwIBAgIEUO+oMjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xFDASBgNVBAoTC3BpbmVhcy10ZXN0MQ8wDQYDVQQLEwZwaW5lYXMxGjAYBgNVBAMTEXBpbmVhcy5waW9uZWVyLmpwMB4XDTEzMDExMTA1NTA0MloXDTMzMDEwNjA1NTA0MlowYDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMRQwEgYDVQQKEwtwaW5lYXMtdGVzdDEPMA0GA1UECxMGcGluZWFzMRowGAYDVQQDExFwaW5lYXMucGlvbmVlci5qcDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUzsdfIqPe81UYNgyeBsnSvZcNGoTsn/SEnvo09IXjaQxOHUhPY/RQmsAK6ZnjlVNi1zO+0W71KF4Kl1sLJC3Yhv92aoL09cJfWlx/AYz5wpAm7B/om2CYADxoAsaT5+Wlif+aO2CAgwVCLIZzMhIF1B6YX+c3+WnWZceHvzy8F04mCeFFsT9sf6VQ3ZGiZXK8U9CnfdOFYMb/GCgUyqut/jpgCXvyzwZ4aGPBIOuCDuMDhfw6tvTjf0W2lAgmWmcjPs0kmDtV9SHOAPOYBCPrDDjFJsQwLiCwJiHYFMCKnIRNfXzGs9xttFkt4/WOgMMSo2suttvu2JZ7GhoFZJrkCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAPMsJkuDhxeZwwd7XEbLi+2847JVzpvR1R90azkdvq9bJrs/b4IZMEJo+Qbswb+KajV/1W40kf+wjOEwvpDmyILD9Ds0zuVEipzGv+wAsQd6WMl5GcDTNs/PQqn8hEf/+l0llJeZ5DHbzUSZRd91Y2AAM2q2gcRo/PJkMB110Arl1POaCWCEKqyLfIA2g9ZaxXqUYEWk1rs4NeR/T+7hPm2HZzPRm4zbcfETIcoFqoymlx++TgFACy5ZoSAuMfEE6X9G6sySAvVyStqHD1sZiD8AoRKMCVll7u2zNQYjuIHCtIfqDDP3WlhAEJ7Bm1YmK2PEOKADn3msG3dt2pf92zQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml2p:AuthnRequest>');
$xml_object = simplexml_load_string($xml->asXML());

最后我把它作为参数放入方法中

$authnSample->loginByCustomer($xml_object,"\$00astest","password");

在 CustomerLoginService 类我们做

class WsseAuthHeader extends SoapHeader {

private $wss_ns = 'http://docs.oasis-open.org/wss/2004/01/asis-200401-wss-wssecurity-secext-1.0.xsd';


    function __construct($user, $pass, $ns = null) {
        if ($ns) {
            $this->wss_ns = $ns;
        }

        $auth = new stdClass();
        $auth->Username = new SoapVar($user, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns); 
        $auth->Password = new SoapVar($pass, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);

        $username_token = new stdClass();
        $username_token->UsernameToken = new SoapVar($auth, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns); 

        $security_sv = new SoapVar(
            new SoapVar($username_token, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns),
            SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'Security', $this->wss_ns);
        parent::__construct($this->wss_ns, 'Security', $security_sv, true);
    }
}

接着

$wsse_header = new WsseAuthHeader($this->userid, $this->password);
$this->soapClient = new SoapClient($url, array("trace" => 1, "exception" => 0));
$this->soapClient->__setSoapHeaders(array($wsse_header));

但最终我仍然得到这样的错误:

异常:SoapFault 异常:[HTTP] 内部服务器错误在 C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\object\CustomerLoginService.php:137 堆栈跟踪:#0 [内部函数]:SoapClient- >_ doRequest(' _call('login', Array) #2 C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\object\CustomerLoginService.php(137): SoapClient->login(Array) #3 C:\php5\www\PINE_FW_AS_PHPProject\com\pioneer\pine\fw\as\Authentication.php(76): CustomerLoginService->login(Array) #4 C:\php5\www\SAML\test_authreq01.php( 48): Authentication->loginByCustomer(Array, '$00astest', 'password') #5 {main}

谁能告诉我,我怎样才能以正确或简单的方式正确访问 Auth 服务器。

4

1 回答 1

1

我对某些 Web 服务进行了非常相似的身份验证。这是我这样做的方式。一个将数组转换为 SoapVar 对象的函数。

function arrayToSoapVarObject($array=array(),$nameSpace=NULL,$nodeName=NULL){
    $object=array();
    foreach ($array as $key=>$val){

        if (is_array($val))
            $object[$key]= new SoapVar(arrayToSoapVarObject($val,$nameSpace), SOAP_ENC_OBJECT, NULL, $nameSpace, $key, $nameSpace);
        elseif (is_string($val))
            $object[$key]=new SoapVar($val, XSD_STRING, NULL, $nameSpace, NULL, $nameSpace);
        elseif (is_object($val))
            $object[$key]=new SoapVar($val, SOAP_ENC_OBJECT, NULL, $nameSpace, NULL, $nameSpace);
    }

    return $nodeName!=''?new SoapVar((object)$object, NULL, SOAP_ENC_OBJECT, NULL, $nodeName, $nameSpace):(object)$object;
}

现在,只需以需要 WSSE 的方式声明一个数组

$strWSSENS = "http://schemas.xmlsoap.org/ws/2002/12/secext";

$token=array(

        'UsernameToken'=>array(
                'Username' => 'XXX',
                'Password' => 'YYY',
                'Organization' => 'ZZZ',
                'domain' => 'DEFAULT',
        ),
);

$objToken=arrayToSoapVarObject($token,$strWSSENS,'UsernameToken');

这个 objToken 是一个完美的 SoapVar 对象......所以我们用来制作 WSSE Header Security

$objSoapVarWSSEHeader = new SoapHeader($strWSSENS, 'Security', $objToken,true, 'https://actor.com');


try {

 $client= new SoapClient($wsdl);
 $client->__setSoapHeaders(array($objSoapVarWSSEHeader));
 $response=$client->__soapCall('Action',array($arguments),null,null,$output_headers);
}catch (SoapFault $fault){

    echo $fault->getMessage();
}

我想这种方法有点简单。

于 2013-03-07T23:30:27.983 回答